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DETAILED ACTION 

1. Claims 1-6 and 8-21 are pending. 

2. Response filed 02/20/2007 has been received and considered. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole- would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. Claims 1-6 and 8-21 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Howard et al (US 6584505) in view of 
Gupta et al (US 6226752) and further in view of Grandcolas et al 
(EP 1089516) . 

As per claims 1, 9-13, 17, and 20, Howard et al discloses 
inputting at a first system that grants session credentials 
based on successful authentication, a request from a client to 
access a protected resource on the first system (see column 8 
lines 52-53); determining at the first system that a client does 
not have a valid session credential granted by the first system 



(see column 8 lines 54-56) ; retrieving, at the first system, 
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information corresponding to a possible session credential for 
the second system that grants session credentials based on 
successful authentication at the second system (see column 6, 
lines 51-52) ; the first system presenting at least some of the 
information from the session token to the second system; (see 
column 6, lines 51-52 and column 8, lines 54-57). 

Howard et al fails to disclose the use of session token and 
the first system inputting a determination from the second 
system that the client has valid a valid credential with the 
second system and the first system granting access to the 
protected resource on the first system to the client based on 
the determination from the second system that the client has a 
valid session credential with the second system and both the 
first and that both the first and second system have protected 
resources . 

However, Gupta et al teaches the use of session credentials 
(see column 11 lines 10-25) and the first system inputting a 
determination from the second system that the client has valid a 
valid credential with the second system and the first system 
granting access to the protected resource on the first system to 
the client based on the determination from the second system 
that the client has a valid credential with the second system 
and both the first (see column 11 line 39 through column 13 line 
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40) while Grandcolas et al teaches both the first and second 
system have protected resources (see page 2 paragraph [0006]). 

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to include the session 
token, the inputting and granting of Gupta et al and for both 
systems to provide protected resources as taught by Grandcolas 
et al in the system of Howard et al. 

Motivation to do so would have been to provide a single 
sign on solution for the web (see Gupta et al column 6 lines 46- 
51) and to provide a single sign on user access to multiple web 
servers (see Grandcolas et al Abstract) . 

As per' claims 2 and 14, the modified Howard et al, Gupta et 
al and Grandcolas et al system discloses granting a session 
credential to the client by the first system, after determining 
that the client has a valid session credential granted by the 
second system (see Howard column 8, line 66 through column 9, 
line 6) . 

As per claim 3, the modified Howard et al, Gupta et al and 
Grandcolas et al system discloses sending a session token to the 
client, the token corresponding to a session credential granted 
by the first system (see Gupta column 11 line 39 through column 
13 line 40) . 
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As per claim 4, the modified Howard et al, Gupta et al and 
Grandcolas et al system discloses a method comprising directing 
the client to the second system to establish a session 
credential based on successful authentication at the second 
system, after determining that the client does not have a valid 
session credential granted by the second system (see Howard 
column 6, lines 51-52 and column 8, lines 54-57) . 

As per claim 5, the modified Howard et al, Gupta et al and 
Grandcolas et al system discloses directing the client to the 
first system to establish a session credential based on 
successful authentication at the second system, after 
determining that the client does not have a valid session 
credential granted by the second system (see Howard column 6, 
lines 51-52 and column 8, lines 54-57). 

As per claims 6 and 15, the modified Howard et al, Gupta et 
al and Grandcolas et al system discloses maintaining the client 
session credential granted by the second system (see Howard 
column 9, lines 6-14). 

As per claim 8, the modified Howard et al, Gupta et al and 
Grandcolas et al system discloses retrieving information from 
the session token held by the client comprises: sending a query 
to the client from the first system, the query including 
identification as originating from a domain name corresponding 
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to the second system; and receiving a response to the query (see 
Howard column 8, lines 8-11). 

As per claims 16 and 19, the modified Howard et al, Gupta 
et al and Grandcolas et al system discloses associating session 
credentials for the first system and the second system with the 
client (see Howard column 7, lines 12-25). 

As per claims 18 and 21, the modified Howard et al, Gupta 
et al and Grandcolas et al system discloses granting the client 
session credentials for the first system (see Howard column 7, 
lines 54-63) . 

Response to Arguments 

5. Applicant's arguments filed 02/20/2007 have been fully 
considered but they are not persuasive. Applicant argues the 
motivation provided is insufficient and that the proposed 
combination would destroy the teachings of Howard. 

With respect to Applicant's argument that the motivation 
provided is insufficient, the Examiner recognizes that 
obviousness can only be established by combining or modifying 
the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art. See In 
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re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this 
case, the portion of Gupta cited for motivation states that the 
single sign on solution is for web applications and in the 
paragraph following the cited motivation it is described that 
these applications include such things as email, word processing 
and ATM functions. Therefore is would be clear to one of 
ordinary skill in the art that providing a single sign on system 
for web applications is advantageous because a user would not 
have to enter a password for every different type of application 
accessing the web whereas Howard is related to a single sign on 
session for a single application (the web browser) . Therefore, 
one of ordinary skill in the art would have been motivated to 
combine the teachings of Gupta with Howard. Moving now to 
Grandcolas, the cited motivation is to provide a single sign on 
system to multiple web servers, in this cited portion it is also 
stated that the user is authentication at a first web server as 
opposed to a dedicated authentication server and that the first 
(and second) web server each has its own functionality. 
Therefore one of ordinary skill in the art would recognize that 
using web servers, which provide a service, as opposed to a 
dedicated authentication server would reduce overhead by 
allowing for a multifunctional server. As shown in the above 
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response, each of the three cited references relate to a single 
sign on system and each of the modifications provide some 
benefit or advantage over the individual systems so the 
motivation and combination is proper. 

With respect to Applicant's argument that the proposed 
combination would destroy the teachings of Howard, Applicant 
merely states what Howard teaches and makes a general allegation 
that these teaching are, "in direct conflict with the proposed 
modifications" but provides no evidence of such conflict. As 
stated in the above rejection (with respect to the claim 
language) , Howard discloses inputting at a first system that 
grants session credentials based on successful authentication, a 
request from a client to access a protected resource on the 
first system (see column 8 lines 52-53); determining at the 
first system that a client does not have a valid session 
credential granted by the first system (see column 8 lines 54- 
56); retrieving, at the first system, information corresponding- 
to a possible session credential for the second system that 
grants session credentials based on successful authentication at 
the second system (see column 6, lines 51-52); the first system 
presenting at least some of the information from the session 
token to the second system; (see column 6, lines 51-52 and 
column 8, lines 54-57), fails to disclose the use of session 
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token and the first system inputting a determination from the 
second system that the client has valid a valid credential with 
the second system and the first system granting access to the 
protected resource on the first system to the client based on 
the determination from the second system that the client has a 
valid session credential with the second system and both the 
first and that both the first and second system have protected 
resources. These final limitations are what Gupta and 
Grandcolas are relied upon to teach. Furthermore, both Howard 
and Gupta relate to a single sign on system with use of an 
authentication server (login server in Gupta) . Furthermore, 
Gupta teaches (as exemplified by Figure 3) that if a user does 
not have a valid session it obtains one with the login server 
and the login server redirects the system back to the 
application server with the session token of the login server 
(the second system) . Next, Grandcolas teaches that the location 
where authentication is provided (i.e. the authentication or 
login server) also provides a service; nowhere in Howard or 
Gupta does it state that their authentication/login server 
cannot provide other functionality. Also as discussed above one 
of ordinary skill in the art would have been motivated to make 
such modifications to Howard; Therefore, the combination does 
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not destroy the functionality of Howard and the rejection under 
35 USC 103 is proper. 



Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
Pyzocha whose telephone number is (571) 272-38.75. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 



Application/Control Number: 10/026,403 Page 11 

Art Unit: 2137 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Emmanuel Moise can be 
reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free) . If you would 
like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 
(IN USA OR CANADA) or 571-272-1000. 



MJP 
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